Re: [Shorewall-users] providers track option and rtrules

Fri, 18 Sep 2015 10:01:57 -0700 

On 09/18/2015 12:33 AM, Vieri Di Paola wrote:
>> From: Tom Eastep <[email protected]>
> 
> 
>> You seem to have TC_EXPERT=Yes, however -- you probably want to change
>> it to No.
> 
> 
> I never changed that option and it has always been off:
> 
> # grep EXPERT /etc/shorewall/shorewall.conf
> TC_EXPERT=No
> 
> I did use "loose" though in "providers" but took it out now. I guess that's 
> the reason you suggested disabling TC_EXPERT.
> 
> Now the first "mangle" method for load balancing seems to work just fine.
> 
> I was using ICMP traceroute and I had to delete conntrack entries as you 
> suggested:
> 
> # conntrack -D -s 10.215.144.48 -d 10.215.236.221 -p icmp
>>> 2) using "rtrules" with high priority and "default" table ("mangle" file 
>>> empty):
>>>
>>> rtrules config file contains:
>>>
>>> 10.215.144.48,10.215.247.194            10.215.244.250          default     
>>>     11001
>>>
>>> Table default:
>>>
>>> 172.28.17.110 dev enp5s0 scope link
>>> 172.20.11.49 dev enp5s1 scope link
>>> default via 172.28.17.110 dev enp5s0 src 172.28.17.105 metric 3
>>> default via 172.20.11.49 dev enp5s1 src 172.20.11.62 metric 2
>>
>> Looks like you simply specified 'fallback' rather than 'fallback=1'. You
> 
>> need the latter to get balancing.
> 
> Right. Changed to fallback=1.
> 
> However, the second "rtrules" method for load balancing still seems to be 
> failing.
> 
> rtrules file contains:
> 
> 10.215.144.48           10.215.236.221          default         11001
> 
> "ip rule list" starts with:
> 
> 0:      from all lookup local
> 1:      from all fwmark 0x200/0x200 lookup Tproxy
> 220:    from all lookup 220
> 999:    from all lookup main
> 10000:  from all fwmark 0x1/0xff lookup WAN
> 10001:  from all fwmark 0x2/0xff lookup CAIB
> 10002:  from all fwmark 0x3/0xff lookup IBS
> 11000:  from 10.215.247.194 to 10.215.236.221 lookup IBS

As I explained earlier, that rule needs to be at priority 998.

-Tom

-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________

Attachment: signature.asc
Description: OpenPGP digital signature

------------------------------------------------------------------------------

_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users

Reply via email to